Adding a Human Element to Cybersecurity

I read an article this morning that discussed how little most companies trust friendly hackers when they discover vulnerabilities. According to the San Francisco Chronicle article, while some larger tech companies are willing to listen to these outside sources, the majority are leery of them [registration required].

Vulnerabilities and exploits grab headlines and the attention of the world’s security community . . . However, penetration testers and criminal intruders agree: Compromised credentials are what makes the job of hacking possible and profitable for intruders on a daily basis.

Researchers said that by monitoring user accounts, cloud usage, location of mobile BYOD (bring your own device) use, and lateral movement of information within their systems, enterprises can gain insight into how employees use information to better detect abnormalities.

Unfortunately, only a small number of companies rely on behavior analysis right now, according to a recent SANS survey on analytics, so already companies aren’t doing as much as they can to take advantage of what we know (and can continue to learn) about human behavior. At the same time, can behavior analysis be enhanced by friendly hackers?

User behavior analytics can offer a ton of value on a number of fronts. Not only do these metrics offer visibility into potential insider threats, but they can also show early red flags for when accounts have been compromised by external attackers.

So my question is, if friendly hackers discovered vulnerabilities, how does that information mesh with behavior analytics as a way to add another layer to security detection and prevention?

It’s so easy to get caught up on the machine, software and tech side of security that we often forget the human element, both for good and for bad. We know humans are the ones developing the mechanisms of cybercrime, so now we need to figure out how humans can play a bigger role in preventing it.

Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.